[57] ABSTRACT

An authentication system includes a portable information 
device, such as a smart card, that is configured to store and 
process multiple different applications. The smart card is 
assigned its own digital certificate which contains a digital 
signature from a trusted certifying authority and a unique 
public key. Each of the applications stored on the smart card 
is also assigned an associated certificate having the digital 
signature of the certifying authority. The system further 
includes a terminal that is capable of accessing the smart 
card. The terminal has at least one compatible application 
which operates in conjunction with an application on the 
smart card. The terminal is assigned its own certificate 
which also contains the digital signature from the trusted 
certifying authority and a unique public key. Similarly, the 
application on the terminal is given an associated digital 
certificate. During a transactional session, the smart card and 
terminal exchange their certificates to authenticate one 
another. Thereafter, a smart card application is selected and 
the related certificates for both the smart card application 
and the terminal application are exchanged between the 
smart card and terminal to authenticate the applications. 
Additionally, the cardholder enters a unique PIN into the 
terminal. The PIN is passed to the smart card for use in
authenticating the cardholder. The three-tiered authentica- 
tion system promotes security in smart card transactions. 

21 Claims, 6 Drawing Sheets 
AUTHENTICATION SYSTEM AND METHOD FOR SMART CARD TRANSACTIONS

TECHNICAL FIELD

This invention relates to portable information devices, such as smart cards, personal digital assistants, pagers, and other personal information managers, and the mechanisms used to access these devices. This invention is particularly well suited for smart card systems, including the smart cards themselves, cardholders, and terminals into which the smart cards are inserted for various transactions. More particularly, this invention relates to systems and methods for authenticating smart cards, applications, cardholders, and terminals to protect against fraudulent transactions.

BACKGROUND OF THE INVENTION

Authentication systems are used for security purposes to verify the authenticity of one or more parties during a transaction. Traditionally, authentication systems have been manual, involving simple personal recognition or quick verification of the party via some form of additional identification. One very familiar authentication process occurs when purchasing an item with a personal check. The sales clerk will process the check only if he/she recognizes the person writing the check or if the person presents another piece of identification (e.g., a credit card, or driver's license) to verify the authenticity of that person who is offering the check. Another common manual authentication process might occur in an apartment building or at work where a person is authenticated by a security guard or receptionist through visual recognition.

Some authenticating systems are electronic. A familiar electronic authentication system is used in a common ATM (Automated Teller Machine). Bank members are issued special ATM cards for use in the ATMs to permit automated access to the member's account. The ATM cards that are primarily in use today consist of magnetic-stripe memory cards that have a single magnetic stripe on one side. The magnetic stripe contains information regarding the bank, the member, and his/her account. To guard against unauthorized access, the member is also given a multi-digit password or PIN (Personal Identification Number). The member inserts the mag-stripe card into the ATM and enters a four digit password or PIN (Personal Identification Number). The PIN authenticates for the ATM that the person standing at the ATM is the member who owns the inserted ATM card (or an authorized person representing that member).

Mag-stripe cards are limited, however, in that they are single purpose cards. For instance, one mag-stripe ATM card is used solely for interfacing with a bank ATM, while another mag-stripe card is used solely for frequent flyer mileage while another mag-stripe card is used solely for making long distance telephone calls.

Today there is a movement toward use of "smart cards" instead of mag-stripe cards. A "smart card" is a credit card that has a built-in microcontroller (MCU) which enables the card to modify, or even create, data in response to external stimuli. The microcontroller is a single-wafer integrated circuit (IC) which is mounted on an otherwise plastic credit card.

By virtue of the resident on-chip processor, smart cards are self-validating and can authenticate various passwords off-line without connection to a back end computer. Some conventional smart cards perform an authentication procedure during each "session", which is the period of time that the smart card is inside of a compatible terminal. The session commences with a system startup phase. Since the card has no power supply of its own, the system startup phase consists of supplying power to the card and performing a "cold" boot to establish communication between the card and terminal. Thereafter, the card and terminal enter an authentication phase where the terminal verifies that it is communicating with an authorized card. This usually entails the smart card forwarding its own access code to the terminal for verification. Following authentication, one or more transactions are conducted and the card is removed from the terminal, ending the session.

In conventional smart card systems, however, the cards have been designed to hold just one application. One smart card might be used for a banking/financial application, while another smart card might be dedicated to a security application for entry [illegible], while another smart card might be dedicated to a health related application. In these conventional systems, the authentication phase consists only of verifying that the card is suitable to talk to the terminal, typically via the internal access code. Unfortunately, there is little or no standardization in the smart card arena, and thus many different non-compatible systems are in existence today. This lack of standardization has impeded efforts to produce a smart card capable of handling multiple applications.

As smart cards evolve, however, they are expected to carry multiple applications—such as banking, travel, retail, security, identification, health care, and electronic benefits transfer—on the same card. The same smart card will be used to deposit or withdraw money from an ATM, keep track of frequent flyer mileage, permit entry into buildings, store the cardholder's health information, and enable purchase of goods and services. With multiple applications, the number and complexity of security issues rise. For instance, the cardholder does not want his/her employer's entrance security system which interfaces with a security application on the smart card to gain access to sensitive health care information stored on the same health card, nor does the cardholder wish for his/her doctor to use the health care application to gain access to personal financial information.

It is therefore one object of this invention to provide an authentication system for ensuring the security of the smart card and the applications contained thereon.

Because all smart card transactions are conducted electronically, there is an additional need to ensure for the smart card that the terminal asking for the information is authentic, and not a fraudulent machine. In other words, there is a need for an authentication system that enables a smart card and terminal to trust each other, as well as verifying that the present cardholder is authentic. It is another object of this invention to provide such an authentication system.

SUMMARY OF THE INVENTION

This invention provides a smart card authentication system that verifies the user, smart card, application, and terminal.

In one preferred implementation, the system has a smart card that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a unique public key and a digital signature from a trusted certifying authority. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the certifying authority.

The system also includes a terminal that is capable of accessing the smart card. The terminal has at least one
compatible application which operates in conjunction with at least one corresponding application stored on the smart card. The terminal is assigned its own certificate which contains a unique public key and the digital signature from the trusted certifying authority. Similarly, the application on the terminal is given an associated digital certificate.

During a transactional session, the smart card and terminal exchange their certificates over an unsecured communication path. The path is unsecured in the sense that any party can intercept and decipher the message. Following this exchange, the smart card and terminal each process the other's certificate to verify the authenticity of the other. After this initial authentication, a secure communication path is established between the smart card and terminal using encryption techniques and each others' public keys. While third parties might still be able to intercept the encrypted messages, they would not be able to decipher them.

Thereafter, an application is selected and the application-related certificates of the smart card application and terminal application are encrypted and then exchanged over the secure communication path. The smart card and terminal then authenticate the application using the exchanged certificates.

As a further level of security, a unique PIN is assigned to the cardholder. During the transactional session, the cardholder enters the PIN into the terminal, which then passes the PIN to the smart card. The smart card compares this PIN with the correct PIN kept in its memory to authenticate the cardholder.

According to another aspect of this invention, a multi-level security protocol is established based upon the types and inherent security of different terminals. The security protocol enables the smart card to be used in many diverse applications, from transferring large sums of money between bank accounts to purchasing a fifty cent soda pop. According to the protocol, security levels are assigned to different types of terminals. The security levels have associated value limits that are imposed for any transaction occurring at the respective terminal. The certificate assigned to a particular terminal contains information pertaining to its type. From this information, the smart card can determine the security level for that particular terminal. The smart card then limits the value of the transaction in accordance with the guidelines associated with the security level.

According to another aspect of this invention, a smart card that is specially configured to operate in the authentication system is described. It is noted that although the smart card embodiment is preferred, aspects of this invention can be implemented in other embodiments of portable information devices, such as personal digital assistants, pagers, and electronic programmable watches.

According to another aspect of this invention, a method for authenticating a transaction between a smart card and terminal is also disclosed.

According to yet another aspect of this invention, a method for conducting a smart card transaction using a multi-level security protocol is described.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagrammatic illustration of a smart card.

FIG. 2 is a block diagram of a microcontroller integrated circuit used in the FIG. 1 smart card.

FIG. 3 is a diagrammatic illustration of an authentication system in the context of an ATM banking system according to an example embodiment of this invention.

FIG. 4 is a diagrammatic illustration of an initial step of an authentication process of this invention involving the exchange of digital certificates between a smart card and terminal.

FIG. 5 is a diagrammatic illustration of another step of the authentication process involving the exchange of application-related digital certificates between a smart card and terminal.

FIG. 6 is a diagrammatic illustration of another step of the authentication process involving the authentication of a cardholder via his or her PIN.

FIGS. 7 and 8 present a flow diagram of a method for authenticating a transaction between a smart card and a terminal.

FIG. 9 is a flow diagram of a method for conducting a smart card transaction using a multi-level security protocol according to another aspect of this invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

This invention concerns authentication schemes and is described in the preferred context of smart cards. However, this invention may be used in conjunction with other small programmable portable information devices, in place of smart cards. Such portable information devices include pagers, personal digital assistants, personal information managers, and programmable watches. One notable watch that can be used in the context of this invention is the commercially available Timex® Data-link® watch. As used herein, "portable information device" means a small, portable, electronic apparatus that has limited processing capabilities, limited or no power resources, limited rewritable memory capacity, and is designed to interface with external read/write equipment.

FIG. 1 shows a smart card 10. It is the size of a credit card and has a built-in microcontroller (MCU) 12 which enables the card to modify, or even create, data in response to external stimuli. Microcontroller 12 is a single wafer integrated circuit (IC) which is mounted on an otherwise plastic credit card. Conductive contacts 14 are shown formed on the IC to enable interfacing to external read/write equipment. In other embodiments, however, the smart card can be configured without physical contacts. Such contactless cards receive information via proximity couplings (e.g., magnetic coupling) or via remote coupling (e.g., radio communication). A smart card is physically constructed in accordance with the international standard ISO-7816 which governs size and bendable limits of the plastic card, as well as size and location of the silicon integrated circuit.

FIG. 2 shows smart card microcontroller IC 12 in more detail. It includes a CPU 20, a volatile rewritable RAM (Random Access Memory) 22, a ROM (Read Only Memory) 24, and an EEPROM (Electrically Erasable Programmable ROM) 26. A set of I/O ports 28 are internally coupled to CPU 20 to supply data and control information from the external accessing equipment. As [illegible] I/O, and ground are provided at I/O ports 28. One suitable microcontroller-based single-wafer IC that can be used in smart cards is available from Motorola Corporation under model number MC68HC05SC21. In this chip, the data I/O is serial.

In this invention, smart card 10 contains multiple different applications and can be concurrently used in many different domains. For instance, smart cards can be used to store financial data for banking purposes, maintain medical information for use by health care providers, track frequent flyer
mileage for the cardholder or airline, permit selective entrance into secure facilities, manage electronic benefits, or organize account information for routinely paid services such as cable TV. ROM 24 stores the multiple applications.

This invention concerns an authentication system which verifies the authenticity of the interested components prior to conducting a transaction. For purposes of continuing discussion, aspects of this invention will be described in the context of employing smart cards to manage financial data. In this context, one of the applications stored on the smart cards relates to managing banking and other financial data.

FIG. 3 shows a smart card authentication system 30 in the context of an ATM banking system. Smart card authentication system 30 includes smart card 10 and a smart card terminal 32, which is embodied as an ATM. The ATM has a card reading slot 34, a keypad 36, and a display 38. The terminal has software resident thereon, or on a remote on-line computer, which consists of at least one application that is compatible, and operates in conjunction, with the corresponding financial application stored on the smart card.

When the cardholder wishes to make a financial transaction, the cardholder begins a transactional session by inserting smart card 10 into a card reading slot 34 of the ATM. A "session" is the period of time that the smart card is inside terminal 32. The session commences with a system startup phase. Since smart card 10 has no power supply of its own, the system startup phase consists of supplying power to the card and performing a "cold" boot to establish communication between the card and terminal. The terminal sends a reset signal and the card responds to the reset signal to establish communication modes and options.

Since the smart card 10 stores multiple applications, a target application is selected from among the multiple applications. In the continuing example, the target application is the financial application. The target application might be selected in a number of ways, including both manual and automated techniques. For example, the smart card itself might select the target application that is suited for the particular terminal. Alternatively, the terminal might decide which of the applications stored on the smart card is compatible with the application resident at the terminal. As another example, the user might select the appropriate application at the beginning of a session.

Thereafter, the smart card and terminal enter the authentication phase which is the primary subject of this invention. During the authentication phase, the terminal verifies that it is communicating with an authorized smart card, and the smart card verifies that it is talking to an authorized terminal. According to an aspect of this invention, the authentication phase further authenticates the selected target application that is resident on the smart card as well as the compatible application resident on the terminal. Moreover, the authentication technique of this invention authenticates the cardholder to the smart card. This multi-level authentication promotes highly secure transactions.

To enable such high security authentication, the authentication scheme of this invention involves assigning unique identifications to the smart card, terminal, cardholder, and each application on the card. At their simplest form, the unique identifications might consist of special passwords assigned to each of these participants. In the preferred implementation, however, digital certificates are assigned to the smart card, terminal, cardholder, each application on the card, and the application(s) stored on the terminal. A digital certificate is a packet of unique information in digital data form that is used for identification of a party in the encryption arena. The certificate is issued by an independent and trusted third party, known as the "certifying authority". Every participant, including the smart card, the terminal, and the cardholder, trusts the certifying authority. Example certifying authorities in the financial environment include the federal reserve or a bank.

Each assigned certificate contains an expiration date, the holder's serial number, a public encryption key unique to the holder, information pertaining to the domain or environment within which the holder may operate (e.g., financial, frequent flyer, health, etc.), and any other information appropriate to establish communication. Thus, the smart card has its own unique public key, as does the terminal and each application.

Before continuing discussion on the authentication system, it would be beneficial to briefly discuss encryption techniques, and how the digital certificates are used. There are different encryption techniques available and in use today. This invention can be used with any type of encryption technique. For the sake of explanation, the basics of one common encryption technique known as "RSA" (an acronym based on the initials of the creators of the encryption algorithm) are described below.

RSA encryption makes use of special mathematical functions referred to as "one-way" functions. According to one-way functions, one or more starting parameters can undergo a function to yield an intelligible result, but the inverse function operating on this result will not produce the starting parameters. In mathematical terms, a one-way function is represented as follows:

$$F(a) = b, \quad \text{but} \quad F^{-1}(b) \neq a$$

Such functions are used to produce private and public keys which are assigned to every party that wishes to participate in encrypting messages. The key set is unique and has the property that if one knows the public key $K_{\text{public}}$, one cannot [illegible] the private key $K_{\text{private}}$. The public key is published for everyone to use, while the private key is kept secret by the holder.

For a message M that is encrypted via an encryption function E using one of the keys K, the following holds for [illegible]:

$$E(K_{\text{private}}, M) = M_{\text{encrypted\_1}}$$

$$D(K_{\text{public}}, M_{\text{encrypted\_1}}) = M$$

but,

$$E(K_{\text{private}}, M_{\text{encrypted\_1}}) \neq M$$

Additionally,

$$E(K_{\text{public}}, M) = M_{\text{encrypted\_2}}$$

$$D(K_{\text{private}}, M_{\text{encrypted\_2}}) = M$$

but,

$$E(K_{\text{public}}, M_{\text{encrypted\_2}}) \neq M$$

Accordingly, in the context of our ATM example, if the smart card encrypts a message using the terminal's public key, only the terminal can decrypt it. Conversely, if the smart card encrypts a message using its private key (which only the smart card can do since no one else has access to this private key), any other party can decrypt the text using the smart card's public key which is widely known.
To establish communication, the smart card uses the terminal's public key that it received in the terminal's certificate to send a message. Only the terminal can decrypt the message using its private key. The terminal can encrypt a reply message using the smart card's public key and only the smart card can decrypt the message. This raises a new issue. When the terminal or smart card receives an encrypted message that is supposedly from the other, how does the receiving party really know if it came from the other?

To solve this dilemma, encryption algorithms introduce "digital signatures" which are employed to ensure that the appropriate parties are communicating with each other. Thus, when the smart card encrypts a message using the terminal's public key, it tags a personalized digital signature onto the message. The smart card encrypts the combined message using its own private key. The resulting communication is represented as follows:

$$E(K_{\text{SC\_private}}, E(K_{\text{T\_public}}, M) + \text{SC signature})$$

The terminal receives the communication and decrypts it using the smart card's public key. This decryption yields a scrambled part that contains the encrypted message and a legible part that consists of the smart card's signature. Since the communication was decrypted using the smart card's public key, it follows from the above discussion of the one-way encryption function E that only the smart card (using its private key) could have encrypted the entire communication. Thus, upon seeing the smart card's digital signature, the terminal is assured that the communication truly came from the smart card. The terminal discards the digital signature and then decrypts the other part using its own private key to obtain the original message M.

Note that any party can intercept the communication between the smart card and terminal and use the smart card's public key to determine that the communication came from the smart card. However, that intercepting party cannot decipher the encrypted message because they do not know the terminal's private key.

This encryption scheme therefore ensures for the receiving party (i.e., the terminal in this example) that the communication is from the desired sending party (i.e., the smart card) and that only the receiving party can read the original message.

The encryption scheme only works, however, if the terminal and smart card trust each other's identity. Accordingly, the "certifying authority" is introduced as a trusted third party to the transaction. The terminal and smart card each prove their identity to the satisfaction of the certifying authority and deposit their public keys with this authority. In turn, the certifying authority issues a digital certificate that contains an expiration date, the holder's serial number, a public encryption key unique to the holder, information pertaining to the domain or environment within which the holder may operate (e.g., financial, frequent flyer, health, etc.), and any other information appropriate to establish communication. The identification information is encrypted using the certifying authority's private key, as follows:

$$\text{Certificate} = E(K_{\text{CA\_private}}, \text{"Expiration, Card Serial \#, } K_{\text{SC\_public}}\text{, etc."})$$

During the initial communication in the authentication phase, the smart card and terminal exchange their certificates. Both the smart card and terminal decipher the other's certificate using the certifying authority's public key. The smart card and terminal can be assured that it is the other legitimate party if the certificate deciphers into intelligible information. It is practically impossible for either the terminal or smart card to construct a fraudulent certificate because neither knows the private key of the certifying authority.

[illegible] of the authentication process of [illegible], please refer to FIGS. [illegible] which diagrammatically [illegible] authenticating a financial transaction at an ATM/smart card terminal. Following the startup phase, smart card 10 and terminal 32 exchange their respective certificates as shown in FIG. 4. More particularly, smart card 10 sends its card-related certificate 40 to terminal 32 and the terminal sends its terminal-related certificate 42 to smart card 10. These initial certificates are sent over an open, unsecured channel.

It is noted that the communication channel in an ATM is likely to be a direct or proximal coupling between the smart card and terminal. However, in another implementation, a terminal might be communicating remotely with a personal digital assistant or watch via radio or optical communication. Accordingly, this invention contemplates various electronic and communication means for exchanging certificates over an unsecured communication path, including direct and remote coupling. An example direct exchanging means includes hardware and software in the terminal's and smart card's CPUs for coordinating digital transfer of certificates over physical conductors present in both the terminal and smart card. Example remote exchanging means include components (hardware, software, transmitters, receivers, etc.) used to enable the swapping of certificates using optical transmission, radio transmission, magnetic transmission, or infrared transmission.

As shown in FIG. 5, terminal 32 and smart card 10 use the certificates to establish the authenticity of each to the other. The smart card, for example, has decryption firmware loaded in its CPU to decipher the certificate from terminal 32 using the certifying authority's public key in the manner described above. The smart card CPU learns the identity of the terminal from the deciphered certificate. This permits the smart card to verify the authenticity of the terminal. The terminal has a similar intelligence to verify the authenticity of the smart card.

The smart card and terminal also use each other's public keys obtained from the certificates to create an encrypted communication channel 44 that is secure to outsiders. Although outsiders can still intercept messages, they will not be able to decipher them for the reasons given above during discussion of basic encryption schemes.

FIG. 5 also shows a second authentication level according to this invention. Once communication between the smart card and terminal is established, one of the many applications stored on the smart card is selected. In our continuing example, the financial/banking application on the card is selected from among other applications (such as frequent flyer mileage, health care, etc.) to interface with the compatible financial/banking application resident at the ATM terminal. The application-related certificates 46 and 48 associated with the selected application are then exchanged between terminal 32 and smart card 10 over encrypted channel 44. These application-related certificates 46 and 48 are used to authenticate the applications resident at the terminal and smart card. That is, the decryption and verification firmware in the smart card CPU and similar software at the terminal use the identification information in the exchanged application-related certificates to authenticate the selected card application and the compatible terminal application.
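The card/terminal and application certificate checks described above, together with the cardholder PIN check from the summary, can be sketched as follows. This is an added example, not code from the patent: it assumes textbook RSA over fixed small primes and a SHA-256 digest of the certificate fields as the value the certifying authority signs, and `toy_keypair`, `issue`, `check`, `Party` and `authenticate` are hypothetical names.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from datetime import date

E = 65537  # public exponent used by every toy key below


def toy_keypair(p, q):
    """Textbook RSA from two fixed primes: (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed demo keys built from Mersenne primes; far too small for real use.
CA_N, CA_D = toy_keypair(2**127 - 1, 2**107 - 1)      # certifying authority
ROGUE_N, ROGUE_D = toy_keypair(2**89 - 1, 2**61 - 1)  # a signer that is not the CA


@dataclass(frozen=True)
class Certificate:
    holder: str      # who the certificate was issued to
    serial: str
    domain: str      # environment the holder may operate in
    expires: date
    public_key: int  # holder's public key (stand-in value, not exercised here)
    signature: int = 0

    def digest(self, modulus):
        fields = [self.holder, self.serial, self.domain,
                  self.expires.isoformat(), self.public_key]
        h = hashlib.sha256(json.dumps(fields).encode()).digest()
        return int.from_bytes(h, "big") % modulus


def issue(holder, serial, domain, expires, n=CA_N, d=CA_D):
    """Build a certificate and sign its fields with the signer's private key."""
    key = int.from_bytes(hashlib.sha256(serial.encode()).digest()[:8], "big")
    cert = Certificate(holder, serial, domain, expires, key)
    return replace(cert, signature=pow(cert.digest(n), d, n))


def check(cert, today, domain=None):
    """Return None when the certificate is acceptable, else the reason."""
    if pow(cert.signature, E, CA_N) != cert.digest(CA_N):
        return "bad CA signature"
    if cert.expires < today:
        return "expired"
    if domain is not None and cert.domain != domain:
        return "wrong domain"
    return None


@dataclass
class Party:
    cert: Certificate
    apps: dict     # application name -> application-related Certificate
    pin: str = ""  # PIN stored on the card (unused for a terminal)


def authenticate(card, terminal, app, domain, entered_pin, today):
    """Run the three tiers in order; return "authenticated" or the first failure."""
    sides = (("card", card), ("terminal", terminal))
    for name, party in sides:  # tier 1: card and terminal certificates
        reason = check(party.cert, today)
        if reason:
            return f"tier 1: {name}: {reason}"
    for name, party in sides:  # tier 2: certificates of the selected application
        app_cert = party.apps.get(app)
        reason = ("no certificate" if app_cert is None
                  else check(app_cert, today, domain))
        if reason:
            return f"tier 2: {name} application: {reason}"
    # Tier 3: the card compares the entered PIN with the PIN it stores.
    if not hmac.compare_digest(entered_pin.encode(), card.pin.encode()):
        return "tier 3: PIN mismatch"
    return "authenticated"


# Constructed sample data.
TODAY, VALID = date(2025, 1, 1), date(2030, 1, 1)
CARD = Party(issue("card", "SC-0001", "multi", VALID), {
    "bank": issue("card/bank", "SC-0001-A1", "financial", VALID),
    "health": issue("card/health", "SC-0001-A2", "health", VALID)}, pin="4711")
ATM = Party(issue("terminal", "T-0042", "financial", VALID), {
    "bank": issue("terminal/bank", "T-0042-A1", "financial", VALID)})
# Same terminal, but its application certificate was never signed by the CA.
FAKE_ATM = Party(ATM.cert, {"bank": issue("terminal/bank", "T-0042-A1",
                                          "financial", VALID, ROGUE_N, ROGUE_D)})

if __name__ == "__main__":
    print(authenticate(CARD, ATM, "bank", "financial", "4711", TODAY))
    print(authenticate(CARD, FAKE_ATM, "bank", "financial", "4711", TODAY))
```

The second call stops at tier 2, so the PIN is never compared when an application certificate fails to verify.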
The additional, application level of authentication enhances security by preventing an unscrupulous party from placing a fake application on an otherwise authenticated terminal or smart card. For instance, a high-tech thief might try to program a smart card with an imitation application designed to access and alter bank records. If the imitation application does not have the necessary certificate and digital signature of a certifying authority, the terminal will quickly ascertain that it is not an authentic application and reject the smart card as fake before conducting any transaction.

Similarly, the application level authentication helps prevent transactions from occurring at a fraudulent terminal. Suppose, for example, a person was able to load an imitation application on an otherwise authenticated terminal with the intention of gaining access to banking records kept on peoples' smart cards. If the smart card determines that the terminal-resident application is not authentic, it will cease all communication and forego conducting any transaction.

It is noted that the decryption/verification intelligence provided at both the smart card and terminal form an example authentication means for verifying the authenticity of the smart card, terminal, and applications to each other.

FIG. 6 shows a third level in the authentication scheme of this invention. Thus far only the card, terminal, and application have been authenticated. It is also desirable to verify that the person requesting the transaction is the authorized cardholder. A unique PIN (Personal Identification Number) 50 is assigned to the cardholder. During the authentication phase, a user is requested to enter his/her PIN 50 via input keypad 36. Terminal 32 passes PIN 50 directly to smart card 10 so that it can verify the identity of the cardholder. The smart card compares the entered PIN with a stored PIN that is associated with the true cardholder. If the entered PIN matches, the user is deemed authentic to the smart card. This third authentication level even further improves security as now all relevant participants (card, terminal, application, and user) are authenticated.

into anything. At step 110, the card-related certificate is passed from the smart card to the terminal. Concurrently, the terminal-related certificate is passed from the terminal to the smart card (step 112). The smart card and terminal authenticate each other based upon the information and digital signatures contained in their exchanged certificates (steps [illegible]).

Through the use of encryption techniques, the messages between the terminal and smart card can now be sent over a communication path that is considered to be secure from the standpoint that third parties will be unable to decipher the exchanged messages (step 118). At step 120, the cardholder enters his/her PIN at the terminal. The PIN is passed from the terminal to the smart card so that the smart card can authenticate the user (steps 122 and 124).

At step 126, one of the applications stored on the smart card is selected. As noted above, this selection might be made by the user, the smart card, or the terminal. The application-related certificates are then exchanged between the smart card and terminal (step 128). The identity information and digital signatures of the certifying authority contained in the certificates are used to authenticate each application (step 130). [illegible] all three levels of authentication (card/terminal, cardholder, and application), the desired transaction(s) is performed (step 132) using encrypted information exchanged between the terminal and smart card.

In the above ATM example, the three-tiered authentication system is used because it yields a highest security level. However, there are other applications and environments where [illegible] security is not important. For instance, [illegible] configured as a soda pop machine. It would be desirable to permit the smart card to make the purchase of an inexpensive soda pop drink without having to

The transaction phase of the session is preferably con- go through the multiple authentication steps. In this case, it 

ducted only after the multi-level authentication phase is 40 might be enough security to simply authenticate the terminal 

completed. Here, any banking transactions are performed by examining if it has an unexpired certificate, 

only after the smart card, terminal, application, and user This leads to another aspect of this invention. The authen- 

have been authenticated. Only then will sensitive iirforma- ^ of m ^^on can be configured to 

tion be permitted to flow between me smart card and mmmM 

terminal. This information is likewise encrypted and sent 45 ««* J 

, . AA 11 j 4B ^j l« 00 nf;^. «„. ritv levels are established based upon the type 01 terminal, 

over secure channel 44. When all desired transactions are v „ A . t , 

conducted, the card is withdrawn from the ATM terminal In general, there are three types of terminals: unsecured, 

and the session is terminated. secured off-line, and secured on-line. An unsecured terrninal 

FIGS. 7 and 8 show a method for authenticating a smart is one that has not been authenticated. A secured off-line 

card transaction according to this invention. At step 100, a 50 terminal is one that is an off-line stand alone machine (Le., 

certificate is assigned to the smart card. The card-related one that is not connected on-line to another computer 

certmcate has a mgital signature of a cextified authority and system) which has been authenticated by an unexpired 

a public key unique to the card for use in data encryption. At certificate. A secured on-line terminal is one that is on-line 

step 102, a certificate is assigned to the terminal In a like with another computer system and has been authenticated by 

manner, the terminal-related certificate has a digital signa- 55 an unexpired certificate. 

ture of the certified authority and a public key unique to the ^ of Xan ^ DS ^ i s added as part of the identity 

tenmnal. At step 104, a certificate is assigned to each information contained in the terminal-related certificate, 

application stored on the smart card and tothe appUcation at sccur _ levds m established based upon these 

the terminal Each appHcation-related certificate also con- ^ transaction, the appropriate security 

^sadigitalsi^^^ 60 leyel h V %^ &1 % sma ; cardbaL upon the 

key unique to the associated >?£"*^ At step 106, a information contained in the terminal-related 

unique PIN is assigned to the cardholder. ™f . : K , v v u ^^^^^a 
At step 108, a transactional session is commenced certificate. In ao^ition, value hmits can be set ^ mociated 
between the smart card and the terminal. In our ATM security levels for any transaction that is conducted during 
example, the session commences when the smart card is 65 a transactional session. The following table provides an 
inserted into the card reader slot of the tenninal; although in example implementation of a five-level security protocol 
other implementations, the card may not actually be inserted according to this invention. 

Security
Level     Terminal Type                                                     Value      Example Application

0         Not Authenticated                                                 0          Dispatch Name, Address of Firm
1         Off-Line; Authenticated via Unexpired Certificate                 ≤$5        Soda Pop Machine
2         On-Line; Authenticated via Unexpired Certificate                  ≤$50       Purchasing Tickets for Sporting Event
3         Off-Line; Authenticated via Unexpired Certificate and User PIN    No Limit   Long Distance Telephone Call
4         On-Line; Authenticated via Unexpired Certificate and User PIN     No Limit   ATM Transaction


FIG. 9 shows a flow diagram of a method for conducting 
a smart card transaction using the security levels from the 
above table. At step 150, the five security levels are estab- 
lished based upon the different categories of terminals. At 
step 152, the smart card determines the type of terminal 
(from the terminal-related certificate) and ascertains the 
appropriate security level. Depending upon the security 
level, the authentication system limits the value of a transaction
in those instances where low security terminals are
involved. 

At decisional step 154, it is determined whether the 
terminal is unsecured, thereby having a security level 0. If it 
is (i.e., the "yes" branch), there is no way to authenticate the
terminal (step 156) and thus no way to trust the terminal. As 
a result, the smart card will only output public information, 
such as the cardholder name, address, and social security 
number (step 158). 

If the terminal is not at security level 0 (i.e., the "no" 
branch from step 154), the terminal is checked for the next 
security level 1 at step 160. If the terminal is an off-line 
terminal which has an unexpired certificate but does not 
require a PIN entry, the smart card designates this terminal 
as having a security level 1 which requires authentication of 
the terminal and application (step 162). Since there is less 
security in an off-line terminal, the value limit for any 
transaction at a level 1 terminal is less than or equal to five 
dollars (step 164). 

At step 166, the smart card ascertains whether the termi- 
nal has a security level 2, meaning that the terminal is an 
on-line terminal which has an unexpired certificate but does 
not require a PIN entry. If the terminal meets this profile, the 
smart card authenticates the terminal and selected target 
application (step 168) and all transactions are limited to a 
slightly higher amount, say $50 (step 170). 

At step 172, the smart card examines whether the terminal
satisfies the profile for a security level 3, which is an off-line
terminal having an unexpired certificate and requiring a PIN
entry. If it satisfies the profile, the full three-level authentication
scheme described above in detail is undertaken to
authenticate the terminal, smart card, application, and cardholder
(step 174). In this example, the value of this transaction
is not limited to a specific dollar amount (step 176).

Finally, at step 178, the smart card determines whether the 
terminal is at the highest security level 4, meaning that the 
terminal is an on-line terminal which has an unexpired 
certificate and requires PIN entry. If the terminal is a level 
4, the full authentication process is used (step 180) and the 
transactional value is not limited (step 182). 

The multi-level security protocol promotes varying 
degrees of security depending upon the type of terminal and 
transaction to be undertaken. As a result, the smart card has 
tremendous flexibility and can be used for many different 
applications. For example, the same smart card can be used
to transfer thousands of dollars between bank accounts or to
buy a fifty cent soda pop drink. By limiting the dollar
amount of transactions in less secure terminals, the smart
card protects the cardholder's assets from any attempt to
gain fraudulent access to them.
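
The card-side decision flow of FIG. 9, written out as an added example that is not part of the patent text. It assumes a hypothetical certificate layout (`terminal_id`, `online`, `requires_pin`, `expires`), value limits held in cents, and HMAC-SHA256 with a constructed key standing in for the certifying authority's public-key digital signature so that it runs on the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from datetime import date

# Constructed demo key. HMAC-SHA256 stands in for the certifying authority's
# public-key signature so the example runs on the standard library alone.
CA_KEY = b"constructed-demo-ca-key"

# level -> (value limit in cents or None for no limit, PIN required),
# following the five-level table. Level 0 permits no transaction value.
LEVELS = {0: (0, False), 1: (500, False), 2: (5000, False),
          3: (None, True), 4: (None, True)}


@dataclass(frozen=True)
class TerminalCert:
    """Hypothetical certificate layout; the terminal type is part of the signed body."""
    terminal_id: str
    online: bool
    requires_pin: bool   # assumption: carried in the certificate with the type
    expires: date
    signature: bytes = b""

    def body(self) -> bytes:
        fields = (self.terminal_id, self.online, self.requires_pin, self.expires.isoformat())
        return "|".join(map(str, fields)).encode()


def _mac(cert: TerminalCert) -> bytes:
    return hmac.new(CA_KEY, cert.body(), hashlib.sha256).digest()


def ca_sign(cert: TerminalCert) -> TerminalCert:
    """Issue a certificate (certifying-authority side)."""
    return replace(cert, signature=_mac(cert))


def security_level(cert, today: date) -> int:
    """Steps 152-178: derive the level from the verified terminal certificate."""
    if cert is None or not hmac.compare_digest(_mac(cert), cert.signature):
        return 0                      # no valid signature: unsecured terminal
    if cert.expires < today:
        return 0                      # expired certificate does not authenticate
    if cert.requires_pin:
        return 4 if cert.online else 3
    return 2 if cert.online else 1


class Card:
    def __init__(self, pin: str):
        self._pin = pin.encode()      # stored PIN is compared on the card

    def authorize(self, cert, amount_cents: int, today: date, pin=None):
        """Return (level, allowed, reason) for one requested transaction."""
        level = security_level(cert, today)
        limit, needs_pin = LEVELS[level]
        if level == 0:
            return level, False, "terminal not authenticated"
        if needs_pin and (pin is None
                          or not hmac.compare_digest(pin.encode(), self._pin)):
            return level, False, "PIN check failed"
        if limit is not None and amount_cents > limit:
            return level, False, "over value limit"
        return level, True, "ok"


if __name__ == "__main__":
    today = date(2024, 1, 1)          # constructed sample data
    soda = ca_sign(TerminalCert("soda-01", False, False, date(2025, 1, 1)))
    card = Card("4321")
    print(card.authorize(soda, 150, today))                          # within the $5 limit
    print(card.authorize(soda, 2500, today))                         # over the limit
    print(card.authorize(replace(soda, online=True), 2500, today))   # altered type
```

Because the terminal type sits inside the signed certificate body, a certificate whose type field is altered after issuance fails verification and the card falls back to level 0 instead of granting the higher limit.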

Another aspect of this invention concerns a smart card
that is constructed to operate within the authentication
system described above. With reference again to FIGS. 1
and 2, smart card 10 of this invention has memory (in the
form of RAM 22, ROM 24, EEPROM 26, and possibly
some limited memory within CPU 20) which can be used to
store its card-related certificate, multiple applications, and
corresponding application-related certificates for each application.
As noted above, these applications may be in many
diverse environments, including health care, financial/
banking, frequent flyer, etc. One application might also be in
the form of a file system capable of maintaining data in
multiple different files. Such an application enables newly
issued smart cards to be backwards compatible to emulate
earlier versions of a smart card. The file systems are preferably
constructed in compliance with the standards set forth
in ISO 7816.

Smart card 10 also has a processor 20 which is programmed
to: (1) output the card-related certificate to a
terminal and to receive a terminal-related certificate from the
terminal; (2) authenticate the terminal based upon the
received terminal-related certificate; (3) select an application
from among the multiple applications stored in the
memory; (4) output an application-related certificate for the
selected target application and receive an application-related
certificate of a corresponding application resident at the
terminal that is compatible with the selected application; and
(5) authenticate the application resident at the terminal based
upon the received application-related certificate therefrom.
The processor has appropriate encryption/decryption software
to enable it to send and receive encrypted messages.

In addition, the smart card is constructed to authenticate
the cardholder via his or her associated PIN. The smart card
has the correct PIN stored in its memory. When the entered
PIN is received from the terminal, the smart card compares
the entered PIN with the stored PIN to verify the authenticity
of the cardholder.

The invention is not limited to the specific embodiments
described in this specification, but shall be construed to
cover equivalent embodiments.
We claim: 

1. A method for authenticating a transaction between a
portable information device and a terminal, the portable
information device storing a device-related certificate
unique to the device and the terminal storing a terminal-related
certificate unique to the terminal which includes
information regarding a type of terminal, the method comprising
the following steps:

exchanging the device-related and terminal-related certificates
between the portable information device and
the terminal during a transaction;

authenticating the portable information device and the
terminal to each other using the exchanged device-related
and terminal-related certificates;

determining, at the portable information device, a security
level for the terminal based on the terminal type
information contained in the terminal-related certificate
received from the terminal, the security level having an
associated value limit for a value of the transaction
conducted during the transactional session; and

restricting the value of the transaction to the value limit
associated with the determined security level.

2. A method as recited in claim 1 and further comprising
the additional step of encrypting communication between 
the portable information device and the terminal during the 
transaction. 

3. A method as recited in claim 1, wherein the portable 
information device is associated with a user who has a 
unique PIN, and further comprising the following additional
steps:

receiving the PIN at the terminal during the transaction; 

passing the PIN from the terminal to the portable infor- 
mation device; and 

authenticating the user at the portable information
device. 

4. A method for conducting a transaction between a smart 
card and multiple various types of terminals that are each 
capable of accessing the smart card during the transaction, 
each terminal having at least one resident application stored 
thereon, the method comprising the following steps: 

storing multiple applications on the smart card, the appli- 
cations being compatible target applications which 
operate in conjunction with a corresponding said resi- 
dent application stored on each of the various termi- 
nals; 

establishing multiple security levels for corresponding
types of terminals, the security levels having associated 
value limits for limiting a value of any transaction 
conducted on the corresponding terminal type; 

assigning a card-related certificate to the smart card, the 
card-related certificate having a digital signature of a 
certified authority and a public key unique to the smart 
card for use in data encryption; 

assigning terminal-related certificates to the various types 
of terminal, each terminal-related certificate having the 
digital signature of the certified authority and a public 
key unique to the terminal for use in data encryption, 
said each terminal-related certificate also having infor- 
mation regarding the type of terminal; 

assigning an application-related certificate to each application
stored on the smart card and to the resident
applications at the terminals, each application-related 
certificate having the digital signature of the certified 
authority and a public key unique to that application; 

commencing a transactional session between the smart 
card and a particular one of the terminals; 

exchanging the device-related and terminal-related cer- 
tificates between the smart card and the particular 
terminal; 

authenticating the smart card and the particular terminal 
to each other using the exchanged device-related and 
terminal-related certificates; 

determining the security level for particular terminal, at 
the smart card, using the terminal type information 
contained in the terminal-related certificate received 
from the particular terminal; 

selecting a target application from among the multiple 
applications stored on the smart card that is compatible 
with the resident application stored at the particular 
terminal; 

exchanging, between the smart card and the particular 
terminal, the application-related certificates assigned to 
the selected target application stored on the smart card 
and the resident application stored at the particular 
terminal; 

authenticating the target and resident applications using 
their exchanged application-related certificates; 

conducting the transaction after the target application has
been authenticated; and

restricting the value of the transaction to the value limit
associated with the security level determined for the
particular terminal.

5. A method according to claim 4 and further comprising 
associating monetary value limits with the different security 
levels. 

6. A method as recited in claim 4 and further comprising 
the following additional steps: 

associating the smart card with a cardholder; 

assigning a unique PIN to the cardholder; 

inputting the PIN to the particular terminal during the
transactional session;

passing the PIN from the particular terminal to the smart
card; and

authenticating the cardholder at the smart card.

7. A method as recited in claim 6 wherein the multiple 
various terminals are off-line and on-line types of terminals, 
the method further comprising the following additional 
steps: 

establishing a first security level that is associated with an 
off-line terminal that has an unexpired terminal-related 
certificate; 

establishing a second security level that is associated with 
an on-line terminal that has an unexpired terminal- 
related certificate, the second security level being of 
higher security than the first security level; 

establishing a third security level that is associated with
an off-line terminal that has an unexpired terminal- 
related certificate and requires the PIN from the 
cardholder, the third security level being of higher 
security than the second security level; and 

establishing a fourth security level that is associated with 
an on-line terminal that has an unexpired terminal- 
related certificate and requires the PIN from the 
cardholder, the fourth security level being of higher 
security than the third security level.

8. A method as recited in claim 7 and further comprising 
associating monotonically increasing monetary value limits 
with the first through fourth security levels, respectively. 

9. A method as recited in claim 4 and further comprising 
the additional step of encrypting the application-related 
certificates before exchanging them using the public keys 
from the device-related and terminal-related certificates that 
have already been exchanged.

10. A system comprising: 

a portable information device having a microprocessor 
capable of processing multiple applications, the por- 
table information device having an associated device- 
related certificate; 

multiple terminals of various types capable of accessing 
the portable information device, the terminals having 
associated security levels wherein the security levels 
have associated value limits for a value of a transaction, 
each terminal having an associated terminal-related 
certificate which contains information pertaining to the 
terminal type; 

means for exchanging the device-related and terminal- 
related certificates between a particular terminal and 
the portable information device; and 

the portable information device having means for deter- 
mining the security level for a particular terminal based 
upon the terminal type information contained in a 
terminal-related certificate associated with the particu- 
lar terminal. 

11. A system as recited in claim 10 wherein the portable
information device comprises a smart card. 

12. A system as recited in claim 10 wherein the portable 
information device comprises a portable personal digital 
assistant.

13. A system as recited in claim 10 wherein the portable 
information device comprises an electronic watch. 

14. A system as recited in claim 10 wherein the portable 
information device has a file system for managing multiple 
files. 

15. A system as recited in claim 10 and further comprising 
an input mechanism at the terminal to enable a cardholder to 
enter a PIN, the terminal transferring the PIN to the portable 
information device so that the authentication means can 
verify the authenticity of the cardholder to the portable 
information device. 

16. A portable information device for use in transactions 
with a terminal, the portable information device comprising: 

a memory for storing at least one application; 

a processor programmed to: (1) receive a terminal-related 
certificate from the terminal, the terminal-related cer- 
tificate containing information pertaining to the type of 
terminal; (2) authenticate the terminal using the 
received terminal-related certificate; (3) analyze the
terminal type from the information contained in the
terminal-related certificate; and (4) limit any transaction
to a selected monetary amount based upon the
type of terminal.

17. A portable information device as recited in claim 16
wherein the processor is programmed to encrypt communication
output to the terminal and to decrypt communication
received from the terminal.

18. A portable information device as recited in claim 16
wherein the memory stores a PIN of an associated user, the
processor is further programmed to receive a PIN from the
terminal and to authenticate the user based upon the received
PIN.

19. A portable information device as recited in claim 16
wherein the memory stores multiple applications and one of
the applications comprises a file system capable of managing
multiple files.

20. Computer-readable media resident at the portable
information device and the terminal having computer-executable
instructions for performing the steps in the
method recited in claim 1.

21. In a system involving a transaction between a portable
information device and a terminal, a computer-readable
media provided at the portable information device having
computer-executable instructions for performing the following
steps:

receiving a certificate from the terminal, the certificate
containing information pertaining to a type of terminal;

analyzing the terminal type from the information contained
in the certificate; and

limiting any transaction with the terminal to a selected
value based upon the type of terminal.






